nftables egyszerűen

Szerző: Sallai András
Copyright © Sallai András, 2022
Licenc: CC Attribution-Share Alike 4.0 International
Web: https://szit.hu

Tábla

nft add table filter

Lánc

nft add chain inet filter input

Szabály

nft add rule inet filter input tcp dport ssh accept

nft add rule inet filter input tcp dport http accept

nft add rule inet filter input drop

config

table inet filter {
    chain input {
        tcp dport 22 accept
        tcp dport 80 accept
        drop
    }
}

Példa

/etc/nftables.conf

table inet filter {
    chain input {
        type filter hook input priority 0;
        iifname lo accept
        tcp dport 22 accept
        log prefix "---ELDOB---"
        drop
    }
    chain forward {
        type filter hook forward pirority 0;
    }
    chain output {
        type filter hook output pirority 0;
    }
}
 
table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        ip saddr 191.168.10.0/24 oif "enp0s8" masquerade
    }
}